refresh the lockfile to automatically remove the vulnerabilities #280
Labels
pinned
Issues that will not be automatically closed
Comments
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, @kalinchernev, I have reported a vulnerability issue in package z-schema.
As far as I am aware, vulnerability SNYK-JS-VALIDATOR-1090600, SNYK-JS-VALIDATOR-1090599, SNYK-JS-VALIDATOR-1090602 and SNYK-JS-VALIDATOR-1090601 detected in package validator<13.6.0 is directly referenced by [email protected], on which your package [email protected] transitively depends. As such, this vulnerability can also affect [email protected] via the following path:
[email protected] ➔ [email protected] ➔ @apidevtools/[email protected] ➔ [email protected] ➔ [email protected](vulnerable version)Since z-schema has released a new patched version [email protected] to resolve this issue ([email protected] ➔ [email protected](fix version)), then this vulnerability patch can be automatically propagated into your project only if you update your lockfile. The following is your new dependency path :
[email protected] ➔ [email protected] ➔ @apidevtools/[email protected] ➔ [email protected] ➔ [email protected](vulnerability fix version).A warm tip.^_^
The text was updated successfully, but these errors were encountered: